| { |
| "feature_names": [ |
| "source_port", |
| "dest_port", |
| "flow_duration_ms", |
| "total_fwd_packets", |
| "total_bwd_packets", |
| "total_bytes_fwd", |
| "total_bytes_bwd", |
| "fwd_packet_len_mean", |
| "fwd_packet_len_std", |
| "bwd_packet_len_mean", |
| "bwd_packet_len_std", |
| "flow_bytes_per_sec", |
| "flow_packets_per_sec", |
| "inter_arrival_time_mean", |
| "inter_arrival_time_std", |
| "tcp_flag_syn_count", |
| "tcp_flag_ack_count", |
| "tcp_flag_fin_count", |
| "tcp_flag_rst_count", |
| "tcp_flag_psh_count", |
| "tcp_flag_urg_count", |
| "retransmission_flag", |
| "fragmentation_flag", |
| "protocol_violation_flag", |
| "payload_entropy_mean", |
| "retransmission_rate", |
| "protocol_violation_count", |
| "c2_beacon_flag", |
| "session_risk_score", |
| "trust_level", |
| "avg_concurrent_flows", |
| "bandwidth_mbps", |
| "nat_enabled", |
| "ids_coverage", |
| "diurnal_peak_factor", |
| "feature_space_dim", |
| "alert_threshold", |
| "retraining_cadence_days", |
| "ensemble_size", |
| "device_count", |
| "iat_cv", |
| "fwd_bwd_byte_ratio", |
| "bytes_per_packet_fwd", |
| "tcp_flag_anomaly_score", |
| "payload_density", |
| "hour_of_day", |
| "is_off_hours", |
| "is_well_known_dest_port", |
| "is_ephemeral_src_port", |
| "protocol_DNS", |
| "protocol_FTP", |
| "protocol_HTTPS", |
| "protocol_NTP", |
| "protocol_SMTP", |
| "protocol_SSH", |
| "protocol_TCP", |
| "protocol_UDP", |
| "flow_lifecycle_phase_connection_initiation", |
| "flow_lifecycle_phase_connection_teardown", |
| "flow_lifecycle_phase_data_transfer", |
| "flow_lifecycle_phase_protocol_handshake", |
| "flow_lifecycle_phase_session_maintenance", |
| "source_device_type_cloud_service", |
| "source_device_type_iot_device", |
| "source_device_type_mobile_endpoint", |
| "source_device_type_ot_controller", |
| "source_device_type_server", |
| "source_device_type_workstation", |
| "dest_device_type_cloud_service", |
| "dest_device_type_iot_device", |
| "dest_device_type_mobile_endpoint", |
| "dest_device_type_ot_controller", |
| "dest_device_type_server", |
| "dest_device_type_workstation", |
| "segment_type_cloud_workload", |
| "segment_type_corporate_lan", |
| "segment_type_data_centre_spine", |
| "segment_type_dmz_perimeter", |
| "segment_type_endpoint_fleet", |
| "segment_type_guest_wifi", |
| "segment_type_ot_ics_control_network", |
| "segment_type_soc_management_plane", |
| "segment_type_zero_trust_segment", |
| "firewall_policy_default_deny", |
| "firewall_policy_open_permissive", |
| "firewall_policy_stateful_inspection", |
| "firewall_policy_strict_allowlist", |
| "firewall_policy_zone_based", |
| "qos_policy_best_effort", |
| "qos_policy_dscp_expedited", |
| "qos_policy_none", |
| "qos_policy_priority_queue", |
| "qos_policy_weighted_fair_queue", |
| "defender_architecture_autoencoder_anomaly", |
| "defender_architecture_ensemble_stacked", |
| "defender_architecture_gradient_boosted_tree", |
| "defender_architecture_isolation_forest", |
| "defender_architecture_lstm_behavioural", |
| "defender_architecture_neural_network_dense", |
| "defender_architecture_rule_based_threshold", |
| "defender_architecture_transformer_sequence" |
| ], |
| "numeric_features": [ |
| "source_port", |
| "dest_port", |
| "flow_duration_ms", |
| "total_fwd_packets", |
| "total_bwd_packets", |
| "total_bytes_fwd", |
| "total_bytes_bwd", |
| "fwd_packet_len_mean", |
| "fwd_packet_len_std", |
| "bwd_packet_len_mean", |
| "bwd_packet_len_std", |
| "flow_bytes_per_sec", |
| "flow_packets_per_sec", |
| "inter_arrival_time_mean", |
| "inter_arrival_time_std", |
| "tcp_flag_syn_count", |
| "tcp_flag_ack_count", |
| "tcp_flag_fin_count", |
| "tcp_flag_rst_count", |
| "tcp_flag_psh_count", |
| "tcp_flag_urg_count", |
| "retransmission_flag", |
| "fragmentation_flag", |
| "protocol_violation_flag", |
| "payload_entropy_mean", |
| "retransmission_rate", |
| "protocol_violation_count", |
| "c2_beacon_flag", |
| "session_risk_score", |
| "trust_level", |
| "avg_concurrent_flows", |
| "bandwidth_mbps", |
| "nat_enabled", |
| "ids_coverage", |
| "diurnal_peak_factor", |
| "feature_space_dim", |
| "alert_threshold", |
| "retraining_cadence_days", |
| "ensemble_size", |
| "device_count", |
| "iat_cv", |
| "fwd_bwd_byte_ratio", |
| "bytes_per_packet_fwd", |
| "tcp_flag_anomaly_score", |
| "payload_density", |
| "hour_of_day", |
| "is_off_hours", |
| "is_well_known_dest_port", |
| "is_ephemeral_src_port" |
| ], |
| "categorical_levels": { |
| "protocol": [ |
| "DNS", |
| "FTP", |
| "HTTPS", |
| "NTP", |
| "SMTP", |
| "SSH", |
| "TCP", |
| "UDP" |
| ], |
| "flow_lifecycle_phase": [ |
| "connection_initiation", |
| "connection_teardown", |
| "data_transfer", |
| "protocol_handshake", |
| "session_maintenance" |
| ], |
| "source_device_type": [ |
| "cloud_service", |
| "iot_device", |
| "mobile_endpoint", |
| "ot_controller", |
| "server", |
| "workstation" |
| ], |
| "dest_device_type": [ |
| "cloud_service", |
| "iot_device", |
| "mobile_endpoint", |
| "ot_controller", |
| "server", |
| "workstation" |
| ], |
| "segment_type": [ |
| "cloud_workload", |
| "corporate_lan", |
| "data_centre_spine", |
| "dmz_perimeter", |
| "endpoint_fleet", |
| "guest_wifi", |
| "ot_ics_control_network", |
| "soc_management_plane", |
| "zero_trust_segment" |
| ], |
| "firewall_policy": [ |
| "default_deny", |
| "open_permissive", |
| "stateful_inspection", |
| "strict_allowlist", |
| "zone_based" |
| ], |
| "qos_policy": [ |
| "best_effort", |
| "dscp_expedited", |
| "none", |
| "priority_queue", |
| "weighted_fair_queue" |
| ], |
| "defender_architecture": [ |
| "autoencoder_anomaly", |
| "ensemble_stacked", |
| "gradient_boosted_tree", |
| "isolation_forest", |
| "lstm_behavioural", |
| "neural_network_dense", |
| "rule_based_threshold", |
| "transformer_sequence" |
| ] |
| }, |
| "label_to_int": { |
| "BENIGN": 0, |
| "MALICIOUS": 1, |
| "AMBIGUOUS": 2 |
| }, |
| "int_to_label": { |
| "0": "BENIGN", |
| "1": "MALICIOUS", |
| "2": "AMBIGUOUS" |
| } |
| } |
